* Added a brand new HTML output format/report by default, making results a lot easier to navigate! Custom search bar instead of relying on DataTables which can be super slow for large HTML files. We're now also groupping results by Category across all contributors and highlighting results which contain a WARNING keyword.

* Added certain association results to Contributor results, not all to prevent extra noise.
* Added the ability to specify a directory for output instead of a file, gitxray creating the filename for you.
* Removed the concept of 'Verbose' results, merging them with the non-verbose categories.
* Removed the need for repositories and organizations to start with https://github.com (Thanks to @mattaereal for pointing that out!)

Author: llavarello

src/gitxray/gitxray.py

@@ -20,7 +20,7 @@ def gitxray_cli():
 ░░██████                                                  ░░██████  
  ░░░░░░                                                    ░░░░░░   
 gitxray: X-Ray and analyze Github Repositories and their Contributors. Trust no one!
-v1.0.15 - Developed by Kulkan Security [www.kulkan.com] - Penetration testing by creative minds.
+v1.0.16 - Developed by Kulkan Security [www.kulkan.com] - Penetration testing by creative minds.
 """+"#"*gx_definitions.SCREEN_SEPARATOR_LENGTH)
 
     # Let's initialize a Gitxray context, which parses arguments and more.
@@ -37,8 +37,13 @@ def gitxray_cli():
     else:
         gx_output.notify(f"GitHub Token loaded from {gx_definitions.ENV_GITHUB_TOKEN} env variable.")
 
-    if not gx_context.verboseEnabled():
-        gx_output.notify(f"Verbose mode is DISABLED. You might want to use -v if you're hungry for information.")
+    gx_output.notify(f"Output format set to [{gx_context.getOutputFormat().upper()}] - You may change it with -outformat.")
+
+    if gx_context.getOutputFile():
+        gx_output.notify(f"Output file set to: {str(gx_context.getOutputFile())} - You may change it with -out.")
+        if gx_context.getOrganizationTarget():
+            # Let's warn the user that in Organization mode, the output file will contain a repository name preffix
+            gx_output.warn("The Output file name when targetting an Organization will include an Organization and Repository prefix.")
 
     if gx_context.getOutputFilters():
         gx_output.notify(f"You have ENABLED filters - You will only see results containing the following keywords: {str(gx_context.getOutputFilters())}")
@@ -76,6 +81,9 @@ def gitxray_cli():
             # Let's keep track of the repository that we're X-Raying
             gx_context.setRepository(repository)
 
+            # if an Organization is in target, add a repository prefix to the output filename
+            if gx_context.getOrganizationTarget() and gx_context.getOutputFile(): gx_context.setOutputFilePrefix(repository.get("full_name"))
+
             # Now call our xray modules! Specifically by name, until we make this more plug and play
             # The standard is that a return value of False leads to skipping additional modules
 

src/gitxray/include/gh_public_events.py

@@ -33,80 +33,77 @@ def log_events(events, gx_output, for_repository=False):
 
         # https://docs.github.com/en/rest/using-the-rest-api/github-event-types?apiVersion=2022-11-28#commitcommentevent
         if etype == "CommitCommentEvent":
-                logging_func(f"{ts}: {actor}created a comment in a commit: [{payload.get('comment').get('html_url')}]", rtype="v_90d_events")
+                logging_func(f"{ts}: {actor}created a comment in a commit: [{payload.get('comment').get('html_url')}]", rtype="90d_events")
                 pass
 
         # https://docs.github.com/en/rest/using-the-rest-api/github-event-types?apiVersion=2022-11-28#createeventA
         # https://docs.github.com/en/rest/using-the-rest-api/github-event-types?apiVersion=2022-11-28#deleteevent
         elif etype == "CreateEvent" or etype == "DeleteEvent":
             action = "created" if etype == "CreateEvent" else "deleted"
             if payload.get('ref_type') == "repository":
-                logging_func(f"{ts}: {actor}{action} a repository: [{event.get('repo').get('name')}]", rtype="v_90d_events")
+                logging_func(f"{ts}: {actor}{action} a repository: [{event.get('repo').get('name')}]", rtype="90d_events")
             else:
-                logging_func(f"{ts}: {actor}{action} a {payload.get('ref_type')}: [{payload.get('ref')}] in repo [{event.get('repo').get('name')}]", rtype="v_90d_events")
+                logging_func(f"{ts}: {actor}{action} a {payload.get('ref_type')}: [{payload.get('ref')}] in repo [{event.get('repo').get('name')}]", rtype="90d_events")
 
         # https://docs.github.com/en/rest/using-the-rest-api/github-event-types?apiVersion=2022-11-28#forkevent
         elif etype == "ForkEvent":
-            logging_func(f"{ts}: {actor}forked a repository: {event.get('repo').get('name')} into {payload.get('forkee').get('full_name')}", rtype="v_90d_events")
+            logging_func(f"{ts}: {actor}forked a repository: {event.get('repo').get('name')} into {payload.get('forkee').get('full_name')}", rtype="90d_events")
 
         # https://docs.github.com/en/rest/using-the-rest-api/github-event-types?apiVersion=2022-11-28#gollumevent
         elif etype == "GollumEvent":
             for page in payload.get('pages'):
-                logging_func(f"{ts}: {actor}{page.get('action')} Wiki page at [{page.get('html_url')}]", rtype="v_90d_events")
+                logging_func(f"{ts}: {actor}{page.get('action')} Wiki page at [{page.get('html_url')}]", rtype="90d_events")
 
         # https://docs.github.com/en/rest/using-the-rest-api/github-event-types?apiVersion=2022-11-28#issuecommentevent
         elif etype == "IssueCommentEvent":
-            logging_func(f"{ts}: {actor}{action} a comment in an Issue [{payload.get('issue').get('html_url')}]", rtype="v_90d_events")
+            logging_func(f"{ts}: {actor}{action} a comment in an Issue [{payload.get('issue').get('html_url')}]", rtype="90d_events")
 
         # https://docs.github.com/en/rest/using-the-rest-api/github-event-types?apiVersion=2022-11-28#issuesevent
         elif etype == "IssuesEvent":
-                logging_func(f"{ts}: {actor}{action} an Issue: [{payload.get('issue').get('html_url')}]", rtype="v_90d_events")
+                logging_func(f"{ts}: {actor}{action} an Issue: [{payload.get('issue').get('html_url')}]", rtype="90d_events")
 
         # https://docs.github.com/en/rest/using-the-rest-api/github-event-types?apiVersion=2022-11-28#memberevent
         elif etype == "MemberEvent":
             added_who = payload.get('member').get('login')
             to_repo = event.get('repo').get('name')
-            logging_func(f"{ts}: {actor}{action} a user [{added_who}] as a collaborator to repo: [{to_repo}]", rtype="v_90d_events")
+            logging_func(f"{ts}: {actor}{action} a user [{added_who}] as a collaborator to repo: [{to_repo}]", rtype="90d_events")
 
         # https://docs.github.com/en/rest/using-the-rest-api/github-event-types?apiVersion=2022-11-28#publicevent
         elif etype == "PublicEvent":
-            logging_func(f"{ts}: {actor}switched a repository from PRIVATE to PUBLIC, repo: [{event.get('repo').get('name')}]", rtype="v_90d_events")
+            logging_func(f"{ts}: {actor}switched a repository from PRIVATE to PUBLIC, repo: [{event.get('repo').get('name')}]", rtype="90d_events")
 
         # https://docs.github.com/en/rest/using-the-rest-api/github-event-types?apiVersion=2022-11-28#pullrequestevent
         elif etype == "PullRequestEvent":
-            logging_func(f"{ts}: {actor}{action} a PR: [{payload.get('pull_request').get('html_url')}]", rtype="v_90d_events")
+            logging_func(f"{ts}: {actor}{action} a PR: [{payload.get('pull_request').get('html_url')}]", rtype="90d_events")
 
         # https://docs.github.com/en/rest/using-the-rest-api/github-event-types?apiVersion=2022-11-28#pullrequestreviewevent
         elif etype == "PullRequestReviewEvent":
-            logging_func(f"{ts}: {actor}{action} a PR Review: [{payload.get('pull_request').get('html_url')}]", rtype="v_90d_events")
+            logging_func(f"{ts}: {actor}{action} a PR Review: [{payload.get('pull_request').get('html_url')}]", rtype="90d_events")
 
         # https://docs.github.com/en/rest/using-the-rest-api/github-event-types?apiVersion=2022-11-28#pullrequestreviewcommentevent
         # https://docs.github.com/en/rest/using-the-rest-api/github-event-types?apiVersion=2022-11-28#pullrequestreviewthreadevent
         elif etype == "PullRequestReviewCommentEvent" or etype == "PullRequestReviewThreadEvent":
-            logging_func(f"{ts}: {actor}{action} a comment in PR: [{payload.get('pull_request').get('html_url')}]", rtype="v_90d_events")
+            logging_func(f"{ts}: {actor}{action} a comment in PR: [{payload.get('pull_request').get('html_url')}]", rtype="90d_events")
 
         # https://docs.github.com/en/rest/using-the-rest-api/github-event-types?apiVersion=2022-11-28#pushevent
         elif etype == "PushEvent":
-            logging_func(f"{ts}: {actor}pushed a total of {len(payload.get('commits'))} commits from: [{payload.get('ref')}]", rtype="v_90d_events")
+            logging_func(f"{ts}: {actor}pushed a total of {len(payload.get('commits'))} commits from: [{payload.get('ref')}]", rtype="90d_events")
 
         # https://docs.github.com/en/rest/using-the-rest-api/github-event-types?apiVersion=2022-11-28#releaseevent
         elif etype == "ReleaseEvent":
-            logging_func(f"{ts}: {actor}published a Release at [{payload.get('release').get('html_url')}]", rtype="v_90d_events")
+            logging_func(f"{ts}: {actor}published a Release at [{payload.get('release').get('html_url')}]", rtype="90d_events")
 
         # https://docs.github.com/en/rest/using-the-rest-api/github-event-types?apiVersion=2022-11-28#sponsorshipevent
         elif etype == "SponsorshipEvent":
-            logging_func(f"{ts}: {actor}{action} a Sponsorship Event]", rtype="v_90d_events")
+            logging_func(f"{ts}: {actor}{action} a Sponsorship Event]", rtype="90d_events")
 
         # https://docs.github.com/en/rest/using-the-rest-api/github-event-types?apiVersion=2022-11-28#watchevent
         elif etype == "WatchEvent":
-            logging_func(f"{ts}: {actor}starred a repository: [{event.get('repo').get('name')}]", rtype="v_90d_events")
+            logging_func(f"{ts}: {actor}starred a repository: [{event.get('repo').get('name')}]", rtype="90d_events")
         else:
             logging_func(f"Missing parser in recent events for: {etype} with {payload}", rtype="debug")
 
 
-    # If verbose is enabled, we skip the summary as it becomes redundant.
-    if gx_output.verbose_enabled(): return 
-
     # Now let's create the non-debug summarized version of messages.
     for (month, etype, action), count in event_summary.items():
         summary_message = f"In {month}, "
@@ -196,5 +193,4 @@ def log_events(events, gx_output, for_repository=False):
 
 
         logging_func(summary_message, rtype="90d_events")
-    logging_func("For a detailed individual list of recent public events, use --verbose", rtype="90d_events")
     return

src/gitxray/include/gx_arg_parser.py

@@ -1,5 +1,5 @@
 # Our argparser is called by the Gitxray Context, we don't talk to it directly.
-import os, sys, argparse, re
+import os, sys, argparse, re, datetime
 
 def parse_repositories_from_file(filepath):
     if not os.path.exists(filepath):
@@ -16,7 +16,7 @@ def parse_repositories_from_file(filepath):
 
 def validate_repository_org_link(repo):
     if not repo.startswith("https://"):
-        raise argparse.ArgumentTypeError(f"Invalid URL '{repo}'. It should start with 'https://'.")
+        return f'https://github.com/{repo}'
     return repo
 
 def validate_contributors(username_string):
@@ -39,7 +39,7 @@ def parse_arguments():
     group.add_argument('-r', '--repository',
             type=validate_repository_org_link,
             action='store',
-            help='The repository to check (an https:// URL)')
+            help='The repository to check (Including https://github.com/ is optional)')
 
     group.add_argument('-rf', '--repositories-file',
             type=parse_repositories_from_file,
@@ -49,7 +49,7 @@ def parse_arguments():
     group.add_argument('-o', '--organization',
             type=validate_repository_org_link,
             action='store',
-            help='An organization to check all of their repositories (an https:// URL)')
+            help='An organization to check all of their repositories (Including https://github.com/ is optional)')
 
     group_two = parser.add_mutually_exclusive_group(required=False)
 
@@ -68,11 +68,6 @@ def parse_arguments():
             action='store',
             help="Comma separated keywords to filter results by (e.g. private,macbook).")
 
-    parser.add_argument('-v', '--verbose',
-            action='store_true', 
-            default=False, 
-            help='Verbose output. For example, print a detailed list of public events instead of a summary.')
-
     parser.add_argument('--debug', 
             action='store_true', 
             default=False, 
@@ -84,16 +79,20 @@ def parse_arguments():
             help='Set the location for the output log file.')
 
     parser.add_argument('-outformat', '--output-format', type=str, action='store',
-            default='text',
-            help='Format for log file (text,json) - default: text',
-            choices = ['text', 'json'])
+            default='html',
+            help='Format for log file (html,text,json) - default: html',
+            choices = ['html', 'text', 'json'])
 
     args = parser.parse_args()
 
+    # If output format is 'html' and outfile is not specified, set it to current date and time
+    current_datetime = datetime.datetime.now().strftime('%Y-%m-%d_%H-%M-%S')
+    if args.output_format == 'html' and not args.outfile:
+        args.outfile = f"gitxray_{current_datetime}.html"
+
     if args.outfile:
         if os.path.isdir(args.outfile):
-            print("[!] Can't specify a directory as the output file, exiting.")
-            sys.exit()
+            args.outfile = f"{args.outfile}gitxray_{current_datetime}.html"
         if os.path.isfile(args.outfile):
             target = args.outfile
         else:

src/gitxray/include/gx_context.py

@@ -1,6 +1,6 @@
 from . import gx_arg_parser, gx_definitions
 from collections import defaultdict
-import os
+import os, re
 
 class Context:
     def __init__(self):
@@ -10,27 +10,34 @@ def __init__(self):
 
     def reset(self):
         self._identifier_user_relationship = defaultdict(list)
+        self._outfile_prefix = None
 
     def usingToken(self):
         return self._USING_TOKEN != None
 
     def debugEnabled(self):
         return self._cmd_args.debug
 
-    def verboseEnabled(self):
-        return self._cmd_args.verbose
-
-    def verboseLegend(self):
-        return "" if self.verboseEnabled() else "Set verbose mode for more data. "
-
     def listAndQuit(self):
         return self._cmd_args.list
 
     def getOutputFile(self):
-        return self._cmd_args.outfile
+        outfile = self._cmd_args.outfile
+        if self._outfile_prefix:
+            directory, filename = os.path.split(outfile)
+            slug = re.sub(r'[^A-Za-z0-9_]', '_', self._outfile_prefix)
+            slug = re.sub(r'_+', '_', slug).strip('_')
+            prefixed_filename = f'{slug}_{filename}'
+            return os.path.join(directory, prefixed_filename)
+    
+        return outfile
+
+    def setOutputFilePrefix(self, prefix):
+        self._outfile_prefix = prefix
+        return
 
     def getOutputFormat(self):
-        return self._cmd_args.output_format if self._cmd_args.output_format is not None else "text"
+        return self._cmd_args.output_format if self._cmd_args.output_format is not None else "html"
 
     def getOutputFilters(self):
         return self._cmd_args.filters